NCCOE Heralds Release of NIST SP 1800-8 Securing Wireless Infusion Pumps
The National Institute of Standards and Technology (NIST) National Center for Cybersecurity Excellence (NCCOE) has released its latest draft medical device related security document, entitled 'NIST Special Publication 1800-8 Cybersecurity Special Publication 1800-8 Securing Wireless Infusion Pumps - In Healthcare Delivery Organizations'. Authored by Gavin O'Brien, Sallie Edwards, Kevin Littlefield, Neil McNab, Sue Wang and Kangmin Zheng, the document is available as either a PDF or web-based artifact. Enjoy.
"Medical devices, such as infusion pumps, were once standalone instruments that interacted only with the patient or medical provider. With technological improvements designed to enhance patient care, these devices now connect wirelessly to a variety of systems, networks, and other tools within a healthcare delivery organization (HDO) – ultimately contributing to the Internet of Medical Things (IoMT)." - via the National Center for Cybersecurity Excellence (NCCOE)
Microsoft Owned LinkedIn Creepy New Bluetooth Feature →
Further proof that the End-Of-The-World-Is-Near: Microsoft Corporation's (NasdaqGS: MSFT) LinkedIn just released a new update for the Company's already slightly-suspicious mobile app that permits Bluetooth connectivity (for location tracking) to fellow LinkedIn members. Reportedly, the feature does not require the app to be running... What could possibly go wrong?
Suit of Bose →
News of an interesting privacy related lawsuit, via Fortune writer Jeff John Roberts, is now swirling around personal electronics manufacturer Bose Corporation. Apparently, collecting data (and a violation of the so-called Wire Tap Act (codified in 18 U.S.C. §§ 2510-2522)) - through a companion app to the company's best-in-class noise canceling headphones, and the misuse thereof, is the gist... Stay Tuned. Hat Tip
"The complaint accuses Boston-based Bose of violating the WireTap Act and a variety of state privacy laws, adding that a person's audio history can include a window into a person's life and views. "Indeed, one’s personal audio selections – including music, radio broadcast, Podcast, and lecture choices – provide an incredible amount of insight into his or her personality, behavior, political views, and personal identity," says the complaint, noting a person's audio history may contain files like LGBT podcasts or Muslim call-to-prayer recordings." - via Fortune writer Jeff John Roberts
US Congress Sells Out
Ladies and Gentlemen, Girls and Boys: Behold the list of both United States Senators and United States House of Representatives that voted to sell out your personal information while online (i.e., your precious online privacy) for monetary gain.
Each surname noted below possesses a link to that Senator or Representative's contact page, to make it super-easy to let them know what you think. Oh, and for you parents, grandparents and guardians: this includes all data requests coming from your home, i.e., your children's data will also be swept up in this nightmare maelstrom example of the surveillance state. Enjoy
Senate of the UNITED STATES of AMERICA
YEA -- 50
U.S. Senate Roll Call Votes 115th Congress - 1st Session
Question: On the Joint Resolution (S.J. Res. 34)
Alexander (R-TN)
Barrasso (R-WY)
Blunt (R-MO)
Boozman (R-AR)
Burr (R-NC)
Capito (R-WV)
Cassidy (R-LA)
Cochran (R-MS)
Collins (R-ME)
Corker (R-TN)
Cornyn (R-TX)
Cotton (R-AR)
Crapo (R-ID)
Cruz (R-TX)
Daines (R-MT)
Enzi (R-WY)
Ernst (R-IA)
Fischer (R-NE)
Flake (R-AZ)
Gardner (R-CO)
Graham (R-SC)
Grassley (R-IA)
Hatch (R-UT)
Heller (R-NV)
Hoeven (R-ND)
Inhofe (R-OK)
Johnson (R-WI)
Kennedy (R-LA)
Lankford (R-OK)
Lee (R-UT)
McCain (R-AZ)
McConnell (R-KY)
Moran (R-KS)
Murkowski (R-AK)
Perdue (R-GA)
Portman (R-OH)
Risch (R-ID)
Roberts (R-KS)
Rounds (R-SD)
Rubio (R-FL)
Sasse (R-NE)
Scott (R-SC)
Shelby (R-AL)
Strange (R-AL)
Sullivan (R-AK)
Thune (R-SD)
Tillis (R-NC)
Toomey (R-PA)
Wicker (R-MS)
Young (R-IN)
HOUSE OF REPRESENTATIVES of the UNITED STATES OF AMERICA
YEA -- 215
Abraham (R-LA)
Aderholt (R-AL)
Allen (R-GA)
Amodei (R-NV)
Arrington (R-TX)
Babin (R-TX)
Bacon (R-NE)
Banks (R-IN)
Barletta (R-PA)
Barr (R-KY)
Barton (R-TX)
Bergman (R-MI)
Biggs (R-AZ)
Bilirakis (R-FL)
Bishop (R-MI)
Bishop (R-UT)
Black (R-TN)
Blackburn (R-KY)
Blum (R-IA)
Bost (R-IL)
Brady (R-TX)
Brat (R-VA)
Bridenstine (R-OK)
Brooks (R-IN)
Buchanan (R-FL)
Buck (R-CO)
Bucshon (R-IN)
Budd (R-NC)
Burgess (R-TX)
Byrne (R-AL)
Calvert (R-CA)
Carter (R-GA)
Carter (R-TX)
Chabot (R-OH)
Chaffetz (R-UT)
Cheney (R-WY)
Cole (R-OK)
Collins (R-GA)
Collins (R-NY)
Comer (R-KY)
Comstock (R-VA)
Conaway (R-TX)
Cook (R-CA)
Costello (R-PA)
Cramer (R-ND)
Crawford (R-AR)
Culberson (R-TX)
Curbelo (R-FL)
Davis (R-IL)
Denham (R-CA)
Dent (R-PA)
DeSantis (R-FL)
DesJarlais (R-TN)
Diaz-Balart (R-FL)
Donovan (R-NY)
Duncan (R-SC)
Dunn (R-FL)
Emmer (R-MN)
Farenthold (R-TX)
Ferguson (R-GA)
Fitzpatrick (R-PA)
Fleischmann (R-TN)
Flores (R-TX)
Fortenberry (R-NE)
Foxx (R-NC)
Franks (R-AZ)
Frelinghuysen (R-NJ)
Gaetz (R-FL)
Gallagher (R-WI)
Garrett (R-VA)
Gibbs (R-OH)
Gohmert (R-TX)
Goodlatte (R-VA)
Gosar (R-AZ)
Gowdy (R-SC)
Granger (R-TX)
Graves (R-GA)
Graves (R-LA)
Graves (R-MO)
Griffith (R-VA)
Grothman (R-WI)
Guthrie (R-KY)
Harper (R-MS)
Harris (R-MD)
Hartzler (R-MO)
Hensarling (R-TX)
Hice (R-GA)
Higgins (R-LA)
Holding (R-NC)
Hollingsworth (R-IN)
Hudson (R-NC)
Huizenga (R-MI)
Hultgren (R-IL)
Hunter (R-CA)
Hurd (R-TX)
Issa (R-CA)
Jenkins (R-KS)
Jenkins (R-WV)
Johnson (R-LA)
Johnson (R-OH)
Johnson (R-TX)
Jordan (R-OH)
Joyce (R-OH)
Katko (R-NY)
Kelly (R-MS)
Kelly (R-PA)
King (R-IA)
King (R-NY)
Kinzinger (R-IL)
Knight (R-CA)
Kustoff (R-TN)
Labrador (R-ID)
LaHood (R-IL)
LaMalfa (R-CA)
Lamborn (R-CO)
Lance (R-NJ)
Latta (R-OH)
Lewis (R-MN)
LoBiondo (R-NJ)
Long (R-MO)
Loudermilk (R-GA)
Love (R-UT)
Lucas (R-OK)
Luetkemeyer (R-MO)
MacArthur (R-NJ)
Marchant (R-TX)
Marshall (R-KA)
Massie (R-KY)
Mast (R-FL)
McCarthy (R-CA)
McCaul (R-TX)
McHenry (R-NC)
McKinley (R-WV)
McMorris Rodgers (R-WA)
McSally (R-AZ)
Meadows (R-NC)
Meehan (R-PA)
Messer (R-IN)
Mitchell (R-MI)
Moolenaar (R-MI)
Mooney (R-WV)
Mullin (R-OK)
Murphy (R-PA)
Newhouse (R-WA)
Noem (R-SD)
Nunes (R-CA)
Olson (R-TX)
Palazzo (R-MS)
Palmer (R-AL)
Paulsen (R-MN)
Pearce (R-NM)
Perry (R-PA)
Poe (R-TX)
Poliquin (R-ME)
Posey (R-FL)
Ratcliffe (R-TX)
Reed (R-NY)
Renacci (R-OH)
Rice (R-SC)
Roby (R-AL)
Roe (R-TN)
Rogers (R-AL)
Rogers (R-KY)
Rohrabacher (R-CA)
Rokita (R-IN)
Rooney (R-FL)
Roskam (R-IL)
Ross (R-FL)
Rothfus (R-PA)
Rouzer (R-NC)
Royce (R-CA)
Russell (R-OK)
Rutherford (R-FL)
Scalise (R-LA)
Schweikert (R-AZ)
Scott (R-GA)
Sensenbrenner (R-WI)
Sessions (R-TX)
Shimkus (R-IL)
Shuster (PA-IL)
Smith (R-MO)
Smith (R-NE)
Smith (R-NJ)
Smith (R-TX)
Smucker (R-PA)
Stewart (R-UT)
Stivers (R-OH)
Taylor (R-VA)
Tenney (R-NY)
Thompson (R-PA)
Thornberry (R-TX)
Tiberi (R-OH)
Tipton (R-CO)
Trott (R-MI)
Turner (R-OH)
Upton (R-MI)
Valadao (R-CA)
Wagner (R-MO)
Walberg (R-MI)
Walden (R-OR)
Walker (R-NC)
Walorski (R-IN)
Walters (R-CA)
Weber (R-TX)
Webster (R-FL)
Wenstrup (R-OH)
Westerman (R-AR)
Williams (R-TX)
Wilson (R-SC)
Wittman (R-VA)
Womack (R-AR)
Woodall (R-GA)
Yoho (R-FL)
Young (R-AK)
Young (R-IA)
Self-Healing Endpoint
Apparently, this product is now embedded in a wide range of devices (ranging from Apple Inc. to Dell Computers and more). I do architect & advise end-point security efforts in my work (agnostic that I am - I do not recommend individual products), but certainly not an embedded product in BIOS or EFI. Could it be rightly called 'The Self-Healing Endpoint of Privacy'? Has a meme been created? You be the judge - Me? I'm going back to paper and pencil, air-gapped (of course - dammit, air-gaps are no guaranty of secure platforms either...). What to do. Tip o' the Hat.
ACM CFP - CODASPY 2017 →
The General Chair for the Organizing Committee of the ACM Conference on Data and Application Security and Privacy, Gail-Joon Ahn, has issued a Call for Participation for the Confab, slated for March 22, 2017 through and inclusive of March 24, 2017. This is sure to be an outstanding conference, with two outstanding keynotes (which can be found here: http://www.codaspy.org/keynotes/).
Organizing Committee:
- General Chair: Gail-Joon Ahn, Arizona State University
- Program Co-Chairs: Gabriel Ghinita, University of Massachusetts at Boston, Alexander Pretschner, Technische Universität München
- Industry Track Chair: Elisa Bertino, Purdue University
- Poster Chair: Jaehong Park, University of Alabama in Huntsville
- Panel Chair: Adam Doupe, Arizona State University
- Proceedings Chairs: Martin Ochoa, Singapore University of Tech. and Design and Hongxin Hu, Clemson University
- Publicity and Web Chair: Ram Krishnan, UT San Antonio
- Workshop Chair: Adam Lee, University of Pittsburgh
- Local Chair: Ziming Zhao, Arizona State University
- Organization Chairs: Kristina Nelson, Arizona State University and Melissa Pagnozzi, Arizona State University
- Steering Committee: Ravi Sandhu, UT San Antonio (Co-Chair), Elisa Bertino, Purdue University (Co-Chair), Alexander Pretschner, Technische Universität München and Gail-Joon Ahn, Arizona State University
Anon, Maiden Fair... →
Via the American Association for the Advancement of Science (AAAS) comes this important privacy-and-web-browsing-related press release wordsmithed by John Sullivan of Princeton, with the specific report by Arvind Narayanan, Ph.D., Professor of Computer Science, Princeton University, and Sharad Goel, Ph.D., an Assistant Professor at Stanford University, and others.
"Given a history with 30 links originating from Twitter, we can deduce the corresponding Twitter profile more than 50 percent of the time," the researchers note. "All the evidence we have seen piling up over the years showing the strong limits of data anonymization, including this study, really emphasizes the need to rethink our approach to privacy and data protection in the age of big data..." - via Sharad Goel, an Assistant Professor at Stanford University and an Author of the Study.
Retailers Begin Physical Customer Tracking →
Tracking, that is, with the assistance of Intel Corporation (NASDAQ: INTC), that benevolent arbiter of all things computational... El Reg has conveniently provided a FAQ (direct from the chip fabricator) in their superlatively reported post. Today's Must Read.
Microsoft Begins Selling Windows 10 Telemetry →
News of Microsoft Corporation (NasdaqGS: MSFT) selling customer telemetry on Windows 10 has come to light via Martin Kauffman on GHacks. Martin superlatively details the phenomenal audacity of Microsoft in the matter of selling usage information; and, while not surprising, it is just another indicator of the onerous feet-of-clay syndrome now evident in Redmond. Oh, and by-the-way, the data is being shared with a security firm, simply astounding. As always, you be the judge.
Web of Trust, Not So Trustworthy After All →
Apparently, WOT is now a three letter acronym for Feet of Clay...
Burners, The Tightening
Well wrought thought piece on the use, and misuse, of prepaid cellular telephony hardware, the so-called Burner, and the effort to enforce regulations thereto. Entitled Burner Phones: Will Tightening Restrictions on Prepaid Cell Phones Solve Anything? Certainly today's Must Read post...
191 Million
Thomas Fox-Brewster, writing at Forbes, regales us with the latest display of the demise of privacy: The formerly private records of 191,000,000 United States citizens' voting data, apparently yearning to be free, were granted their wish and published in an on-line database of reportedly unknown origins... Available for consumption on our beloved interwebs. Astounding.
License Plate Tracking Open Sourced →
Michael Byrne, writing at Vice's Motherboard, details the Open Sourcing of License Plate Tracking bits...
OpenALPR works well and fast, at least judging by the demo. It's also legal for the most part. As EFF lawyer Jennifer Lynch tells Ars Technica, "While a handful of states have passed laws explicitly restricting private citizens and companies from using ALPR technology, outside of those states, there is not much in the law that would prevent someone from using the technology unless its use rises to the level of stalking or harassment. License plates are exposed to public view, and ALPR companies like Vigilant consistently argue they have a First Amendment right to photograph plates and retain the data they collect." - via Michael Byrne, writing at Vice's Motherboard